Routing problem!!
Hi to all,
This is the topology of the network I'm trying to set up. I wanted some help regarding the setting of ip route rules. Basically, PC_A wants to communicate with PC_D. Both hosts are directly connected to 2 other multi-homed PCs (B and C), which distribute traffic over Firewalls FW1 & FW2. B and C have three NICs each (eth0,1,2) while FW1 and FW2 have 2 each (eth0,1).
I want to do per-packet firewall load balancing. So I used the following commands:
On PC_B:
ip route add default scope global equalize nexthop via $IPaddr_PC_C_eth1 dev eth1 weight 1 nexthop via $IPaddr_PC_C_eth2 dev eth2 weight 1
On PC_C:
ip route add default scope global equalize nexthop via $IPaddr_PC_B_eth1 dev eth1 weight 1 nexthop via $IPaddr_PC_B_eth2 dev eth2 weight 1
On PC_A:
ip route add 192.168.10.0/24 via $IPaddr_PC_B_eth0
On PC_D:
ip route add 192.168.10.0/24 via $IPaddr_PC_C_eth0
FW1 & FW2:
I used an iptables rule to forward traffic from eth0 to eth1 on the firewall nodes.
I have enabled IP forwarding (ip_forward) and disabled return path filtering (rp_filter) on B, C, FW1 and FW2. PCs B and C have 2.6.16 kernels with kernel options like advanced routing (CONFIG_IP_ADVANCED_ROUTER) and multipath route support selected.
I'm getting a Destination Host Unreachable message. Can anyone tell me what I am doing wrong in the routing and/or what I'm not doing?
      |      eth1|-------|eth0 FW1 eth1|-------|eth1     |
PC_A--|eth0 PC_B |                             |PC_C eth0|--PC_D
      |      eth2|-------|eth0 FW2 eth1|-------|eth2     |
Warm regards,
Visham
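
A check that can be run against a multipath route of the form used above, as an added example that is not part of the original post: it parses each `nexthop via ... dev ...` pair and reports whether the gateway address lies inside the subnet configured on the paired interface, since Linux expects a route's gateway to be directly reachable (on-link) through the interface it is paired with. The interface table, all addresses and the function names are constructed placeholders.

```python
import ipaddress
import re

# Constructed addressing for PC_B (placeholders, not taken from the post).
PC_B_IFACES = {
    "eth0": "192.168.1.1/24",   # towards PC_A
    "eth1": "10.0.1.1/24",      # link to FW1 eth0
    "eth2": "10.0.2.1/24",      # link to FW2 eth0
}

# Constructed multipath route in the same form as the post's command:
# the first gateway sits on PC_B's eth1 subnet, the second does not
# sit on the eth2 subnet.
SAMPLE_ROUTE = (
    "ip route add default scope global equalize "
    "nexthop via 10.0.1.2 dev eth1 weight 1 "
    "nexthop via 10.0.4.1 dev eth2 weight 1"
)

NEXTHOP_RE = re.compile(r"nexthop\s+via\s+(\S+)\s+dev\s+(\S+)")


def check_nexthops(route_cmd, ifaces):
    """Return (gateway, dev, on_link) for each nexthop in an ip route command."""
    results = []
    for gw, dev in NEXTHOP_RE.findall(route_cmd):
        cidr = ifaces.get(dev)
        if cidr is None:
            # Interface has no known address: the gateway cannot be on-link.
            results.append((gw, dev, False))
            continue
        network = ipaddress.ip_interface(cidr).network
        results.append((gw, dev, ipaddress.ip_address(gw) in network))
    return results


def off_link_nexthops(route_cmd, ifaces):
    """Return only the nexthops whose gateway is outside the interface subnet."""
    return [(gw, dev) for gw, dev, ok in check_nexthops(route_cmd, ifaces) if not ok]


if __name__ == "__main__":
    for gw, dev, ok in check_nexthops(SAMPLE_ROUTE, PC_B_IFACES):
        print(f"{gw} via {dev}: {'on-link' if ok else 'NOT on-link'}")
```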